Homemade Drone Attack on Russian Air Bases and the Need for Trustless Computing Certifications

On the night of January 5th Russian military bases came under attack from rebel groups via 13 sophisticated home-made drones which flew autonomously via pre-programmed routes over 60 miles away. Reportedly 7 were shot down and 6 were remotely hacked to land.

The relative success of this attack is likely, unfortunately, to spell a wave of imitations by other terrorists, similarly with what we have seen with trucks driven by kamikaze terrorist mowing innocent bystanders in EU cities.

Last November, “a person flew a drone into an NFL stadium and dropped pamphlets in the crowd. He then recovered his drone, drove to another nearby NFL stadium and did it again.” as recalled by US Colonel James Coughlin of US Air Force.

He goes on proposing that “Larger drones should require a drone certification license similar to FAA certifications.” This is a must so that only authorized and certified larger drones will be able to fly in dense urban areas, such as aerial video, security, or smart city services. But then such certifications would not solve the problem unless they will be highly resistant to the following scenarios:

  • Attacker hacking the control of an authorized drone, have it land, attach payload of bombs with remote-controlled release mechanism, and attack crowded places, landmarks or institutional building targets.

  • Attacker flying a counterfeited drone pretending to be an authorized one, fouling on the ground authentication systems in appearance and in radio emissions.

Achieving a meaningful mitigation of the 2 risks above requires standards and certification which are inspired by FAA in their robustness and trustlessness, as suggested by many. But it would be economically unfeasible to apply such model to drones in civilian air spaces, as it would carry exorbitant costs per each drone and its lifecycle and operations.

So, therefore, the main route to solve this challenge should be to require that the most critical subsystems of drones be radically more resistant to threats 1 and 2, by applying uncompromising security-by-design paradigms down to the CPU, fabrication oversight, and standard setting.

Last September, US Air Force and Techstars launched the Autonomous Technology Accelerator in Boston. Seeking to mitigate such threats by focusing on “commercially viable startups with dual-purpose technologies – a private sector & a government application, including companies with autonomous technology with the ability to detect, track, identify, characterize, attribute & mitigate unmanned aerial systems, or anything related.

We are working on that at Trustless Computing Association and TRUSTLESS.AI. We are building a new standards-setting and certification body, a compliant open target architecture for general-purpose computing (pdf), and initial devices with radically more advanced assurance levels, initially for the most critical human communications and then for security-critical remote-controlled and autonomous systems in dense urban environments, such as drone and self-driving cars.

Rufo Guerreschi